:
I would like to make a friendly amendment that we have two meetings, if it's possible. Is that okay?
I think that the minister should come before the committee himself and that Mr. Brown would present his report, perhaps Mr. Day and Mr. Brown together. I don't see the need to mix all of these people together. It's a strange mixture of witnesses. The minister is certainly happy to defend his conduct in cleaning up the mess he inherited, and Mr. Brown was an appointee of Mr. Day, so I don't see why the two of them can't come together.
Mr. Zaccardelli, as the Liberal-appointed head of the RCMP, is no longer with us; he deals with the past. If we want to discuss the past any more, I suppose we can do that, but it's not congruent with having Mr. Day and Mr. Brown, who of course are responding to a mess they inherited.
I'm not sure what Mr. Spice's role is in this. Sure, he's a part of it. He was one of the ethics advisors or whatever. But there are lots of people who are equally or even more germane to the discussion than Mr. Spice.
So I would propose that it be two meetings. They can both happen on the same day, if necessary, one being with—
:
Thank you, Mr. Chairman.
I think committee members were fairly clear when they tabled a motion on an issue which, in my opinion, had already been addressed by the letter signed by six or seven members. As far as that issue is concerned, it can be said that committee members covered all the bases.
From the moment the chairman received the letter, the steering committee should have decided on the date of the meeting. Indeed, under the standing orders, the meeting must be held. It seems very straightforward. Mr. Chairman, I have the impression that this discussion is going nowhere and that no one is really listening to what I am saying. In short, we should have the meeting, and it will be up to the steering committee to decide when. We have already identified the witnesses.
:
That's right, and I think Mr. Christopherson has found a solution to get on with it. We all want this meeting to happen. This meeting has to happen; obviously there needs to be some follow-up on the report that's gone out, but there are two parts to this whole sordid affair: one is what happened, and two is what we're going to do about it.
We've had numerous witnesses appear repeatedly. That's nothing new. When I look at the list of witnesses we have here, we have Mr. Zaccardelli, who has already been before the committee. I don't have any problem bringing him back, but what he is here to discuss is what occurred, what happened--in the past tense--because he is condemned in the report by Mr. Brown.
If we are going to have him, then we should have the minister who was responsible for that portfolio when the wrongdoing occurred, and that minister, of course, was Anne McLellan.
We've learned in the report that Mr. Zaccardelli conducted himself in an unacceptable manner. We also know that the minister of that time, when asked about it at the beginning of the criminal investigation, stood up and prejudged that criminal investigation by declaring that Mr. Zaccardelli had no conduct whatsoever that needed to be investigated. That's in the parliamentary records. It's been read into the records of this committee.
I think it's only fair that she be asked to come back and explain why she absolved Mr. Zaccardelli before the investigation was even allowed to go ahead and before any findings were allowed to be reached. That is especially important now because we have the findings of Mr. Brown, which suggest there was plenty of conduct on the part of Mr. Zaccardelli that would have needed to be investigated.
Second, what we have learned throughout these proceedings is that the Treasury Board approved increase after increase in allotments to cover the pension and insurance outsourcing. All of that had to go to Treasury Board, and it was approved by Treasury Board members.
The person who is responsible for the Treasury Board is the president. That's the minister who is responsible for explaining the conduct of that board. When we last had him and Ms. McLellan, we did not have all this information. We did not have Mr. Brown's report explaining that there was conduct on the part of Mr. Zaccardelli that needed to be investigated. We did not have all of the information on the Treasury Board submissions that were ultimately approved by the members of that board.
Now that we do, I think it's only appropriate that we bring back Mr. Alcock and Ms. McLellan, who presided over this affair and were the political actors responsible during the time that it occurred. None of this occurred after they left; all of it happened when they were there. At the same time, we have a former Liberal staffer as the CFO under whom all of this occurred and a Liberal MP who was actively involved in the contracting, so I suspect there should be no opposition whatsoever--if the Liberals are willing to be accountable--to support the addition of Ms. McLellan and Mr. Alcock.
These hearings have to happen. Do we have unanimous consent for Ms. McLellan and Mr. Alcock to be added to the list, or do we just add it?
:
I just want to clarify a couple of things.
On Ms. Sgro's point that this is a witch hunt, I do want to point out that, clearly, the letter as written is out of order according to the rules, and in good faith we've agreed to meet on Thursday about this. We are moving forward on that, so I don't think accusing us of a witch hunt is appropriate.
Secondly, now that we have this list and we're discussing the motion, are we actually going to have the current Minister of Public Safety sitting beside the former Minister of Public Safety, at the same meeting? Is that what we're talking about here? Maybe we could put Dave Brown in between them. Of course, Dave Brown was a famous enforcer for the Edmonton Oilers—
:
No, we're still on this motion. We haven't agreed to the motion and I'm speaking to the motion.
Simply for administrative purposes, I think we can do this all in one day. What we've done before in these committees is have the witnesses appear in clusters--an hour and a half with one cluster and an hour and a half with a second. We have two parts that we need to discuss at this meeting; one is the scandal that happened, so I think it's appropriate to have the people who were around when that scandal happened. That would be Mr. Zaccardelli, Mr. Spice, and Ms. McLellan, who were there when this matter occurred. Then have the people who are here discussing where we go to clean it up, and that includes Mr. Brown, Mr. Day, and Ms. Busson, who are the forward-looking ones. I think that would be a good way to break down the discussion into parts that could be managed.
I do agree with Mr. Lake. I don't know the precedence, but I personally haven't seen former and existing ministers testify side by side or on the same panel, but I think it would be more procedurally and administratively eloquent if we broke into two parts on the same day, giving us the ability to zero in on the players. Again, Mr. Day, Mr. Brown, Ms. Busson, to deal with the future; Mr. Zaccardelli and Ms. McLellan, along with Mr. Spice, to discuss what happened when they were involved.
I put that forward as an amendment.
:
All those in favour of the amendment.
An hon. member: Can you read the amendment?
The Vice-Chair (Mr. Brian Fitzpatrick): I interpret his motion....
Order. Do you want to know what the gist of the motions are? He's basically proposing two clusters, two separate meetings--
An hon. member: No, the same meeting with two parts.
The Vice-Chair (Mr. Brian Fitzpatrick): The same meeting with two separate clusters. The first one would be former commissioner Mr. Zaccardelli, former minister Ms. McLellan, and Mr. Spice, who would deal, as I understood it, with what happened when things took place and so on. The second one would be Mr. Brown, Minister Day, and Commissioner Busson talking about what's being done going forward.
Mr. Laforest.
I was just talking about that motion. I'll read it to you. Can everybody pay attention? We'll read the motion, and then you'll know what we're talking about.
The motion is that the committee chairperson and staff be authorized to review government responses to recommendations made by the committee during the 39th Parliament, on the committee’s behalf, acknowledge receipt of the responses where they respond clearly and completely to recommendations, or request by letter further information or clarification, as required.
This is just giving Mr. Stilborn and the committee chairperson a much clearer mandate and terms of reference for doing work over the summer.
:
Now we're back to Mr. Laforest's motion, which we dealt with last Thursday.
I think as it was left last Thursday, Mr. Laforest--and I'd like to leave it where it was that day--that we take this thing under advisement. I really think that because of the issues raised, we do need to get some legal advice about the constitutionality of calling a lieutenant governor before our committee.
We're certainly not going to have this meeting, if we proceed with it, until the fall. Mr. Walsh and the other legal people could certainly give us some guidance on this matter well before we schedule such a meeting. That, I think, would be a lot more suitable.
Go ahead, Mr. Laforest.
:
Again, on that point, Mr. Williams, before we leave it, I'm just going to point this out:
A point of order calling attention to a departure from the Standing Orders or from the customary manner in which a committee has conducted its proceedings may be raised at any time, by any member of the committee. In doubtful or unprovided cases, the Chair may reserve his or her decision.
That's my interpretation of what we did last Thursday.
Mr. Laforest, I've no doubt it's an important issue, but there's no urgency on the matter. The earliest we're going to be able to deal with this matter is in the fall. I think we have good legal advice. Maybe the Quebec legislature knows something we don't know. I think there were enough good points raised last Thursday that a person should proceed with some caution on the matter.
So I think that would be my decision, to go ahead with what was decided last Thursday. We'll be consulting with the legal officials. Come the fall, when we get this thing clarified, we can proceed with it.
That would be my ruling. If we're going to deviate from the Standing Orders and use the discretion that is given to the chair under the rules, this is a good area to do it in.
Yes, Mr. Roy.
:
I'm just reading the rules; I didn't make them. It says that in these uncharted areas, the chair has the right to do that. So I'm going ahead with what the chair has as a discretion in these areas.
If there were urgency involved with this, Mr. Roy, maybe we'd have to move very expeditiously to deal with it. But we're going to have three months for Mr. Walsh and the legal people to get back and advise us on the legalities of calling this person before this committee.
Not only is it the rule, but it seems to me to be common sense that we'd follow that practice, and I'm making that ruling.
We have another matter on the agenda today, and we should get on to this business. We have some good witnesses here who want to inform us on an issue of fairly major importance.
We will be back in the fall, and there will be steering committees. If we can bring the Lieutenant Governor before the committee, and it's legal and so on, we'll do it.
:
First of all, as I said just before you adjourned the meeting--and I'm sure it's in the blues from the meeting--rather than making a decision now, because it is controversial, you should check with the Speaker, the Clerk of the House, and the law clerk and bring their opinions to bear on the issue before you rule whether or not the motion is in order. It seems to me that you haven't had time to consult with these people. Therefore, until you can, you are not in a position to make a ruling.
Number two, Mr. Chairman--and it was brought up the other day, Mr. Wrzesnewskyj--is Standing Order 18. The whole reason, of course, is because of asking the former Lieutenant Governor to explain her expenses while she was in office. Standing Order 18 says:
No Member shall speak disrespectfully of the Sovereign, nor of any of the Royal Family, nor of the Governor General or the person administering the Government of Canada....
That includes Madame Lise Thibault when she was Lieutenant Governor.
I would think that when somebody comes before this committee, quite often it's a fairly testy situation. It has been on the odd occasion, and it may be with her. I don't know, but we're certainly not going to have her treated disrespectfully.
Also, Mr. Wrzesnewskyj--and I raised this last week--the issue of a representative of the Crown appearing in the House of Commons is constitutionally barred. That issue has to be addressed, and it's been in since 1642 or 1644. My memory is a little vague, going back that far, but it's one of these two dates.
So it's a constitutional question that needs to be resolved, Mr. Chairman, and I would suggest that you rule that the matter cannot go forward until you have consulted these people.
:
Hear me out on this, Borys. It's not really overruling the Standing Orders. The ruling just says, “In doubtful or unprovided cases, the Chair may reserve his or her decision”.
As the chair, I quite honestly don't have the jurisprudence behind this whole issue. And the law clerk, who is a very knowledgeable person, came before this committee and my recollection was that he was looking through his research and he wasn't prepared to answer that, and I don't think the law clerk even at this time is.... This is an uncharted area for our committee. It seems to me this thing is precisely on point. That was the decision we made last Thursday, and nothing has really changed.
By September, when we come back to the House, we'll have an answer to that question. And if the answer is yes, we can, then we'll have the person here.
That's my ruling.
:
That's fine, Chair. Thank you.
Mr. Chair, we are pleased to be here today to meet with your committee to discuss chapter 3, on large information technology projects. Accompanying me today are Doug Timmins, Assistant Auditor General, and Richard Brisebois, Audit Principal.
Over the past six years the federal government has embarked on many large information technology projects. These large projects are no longer about introducing new computer hardware or systems but rather improving the quality and efficiency of public services. The recognition that there are increasingly complex IT issues that cross departmental boundaries has resulted in horizontal initiatives, such as government online and the secure channel.
[Translation]
During this audit, we attempted to determine whether the Treasury Board of Canada Secretariat had adequately fulfilled its challenge and oversight responsibilities for the large IT projects in our sample. However, the government denied us access to information we needed, stating that most of the information and analysis that it collected and prepared was a Cabinet confidence that could not be disclosed to us.
As a result, we were unable to conclude whether the Treasury Board of Canada Secretariat had carried a proper challenge and oversight role for these projects. However, I am pleased to report that since we completed the audit, our access to this information has been clarified by a new order in council.
[English]
In the last three years the federal government has approved funding totalling $8.7 billion for new business projects with significant use of information technology. Individual departments are responsible for managing their projects, but the Treasury Board of Canada Secretariat plays a central role in ensuring that IT projects fit the government's priorities and follow sound management principles.
Overall, the government has made limited progress since our last audit of IT projects in 1997. The federal government still experiences difficulty in managing large information technology projects, despite the existence of a framework of best practices for managing them that dates back to 1998.
We examined a sample of seven large IT projects from four perspectives, governance, business case, organizational capacity, and project management. The seven projects were the global case management system of Citizenship and Immigration Canada; the secure channel of Public Works and Government Services Canada and the Treasury Board Secretariat; the expenditure management information system of the Secretariat; the integrated revenue collections of the Canada Revenue Agency; the 2006 census online of Statistics Canada; AgConnex of Agriculture and Agri-food Canada; and My Account, My Business Account of the Canada Revenue Agency.
[Translation]
The audit found that only two of the seven large IT projects examined—2006 Census online and my account, my business account—met all the criteria for well-managed projects. It is also important to note that these were smaller projects with development timelines of less than three years.
Five of the projects were allowed to proceed with a business case that was incomplete or out of date or contained information that could not be supported. Four of the projects examined were undertaken even though departments lacked either the appropriate skills and experience to manage the projects or the capacity to use the system to improve the way they deliver their programs.
The quality of governance varied widely from project to project. In four projects we found that governance responsibilities were not carried out adequately because key issues that had impact on project performance were either not reported or not resolved.
[English]
The persistence of these longstanding problems is extremely troubling, not only because they involve large public investments but also because of lost opportunities to improve business practices and service delivery to Canadians. The government has agreed with all our recommendations, and indicates that it is making improvements in managing large IT projects. The committee may wish to ask the government for a more specific action plan with precise timelines for government action.
That concludes our opening statement, Mr. Chair. We would be pleased to answer any questions the committee members may have.
Thank you for the invitation to appear before your committee to discuss the Auditor General's chapter on large information technology projects.
I'd like to introduce the government officials joining me today. I have with me Mr. Alexander, who is the deputy chief information officer of the Government of Canada, and Mr. Poole, who is the chief executive officer of the information technology services branch at Public Works and Government Services Canada.
As you know, Mr. Chair, the government has taken an explicit direction to strengthen accountability and management practices across the public sector. To that end, we welcome the Auditor General's recommendations to improve the management of IT projects, and we are taking action to address her concerns. Furthermore, the Auditor General's recommendations will contribute to the work that is already under way, which I'd now like to outline.
In order to properly position our action plan, I would like to first outline the role of the federal CIO. The role has four components, which are defined as policy, practices, a challenge role, and monitoring.
The first element of our role is policy. Under the authority of Treasury Board ministers, we develop policy instruments that both direct and guide departments when they undertake projects. These instruments serve to clearly explain what is expected of departments and agencies. When developing these policy instruments, we consult with the broad community to ensure that the policies are practical and can be implemented by departments. We also use the management accountability framework to assess departmental compliance with our policies.
In terms of the second element, we establish and share practices related to the management of IT-enabled projects. The enhanced management framework for IT-enabled projects outlines best practices in areas such as risk management, project governance, and project monitoring.
The third element of our role is the challenge function. We review and make recommendations to ministers on departmental and government-wide IT-enabled projects. When departments seek Treasury Board authority or funding for IT-enabled projects, we review with departments their Treasury Board submissions. This review is designed to ensure that they have followed the relevant policies and can demonstrate that they have the necessary evidence of good project planning and oversight in place.
Finally, for projects that are deemed to be higher-risk or particularly sensitive, the CIO branch implements a monitoring regime that allows us to track progress on a regular basis. This allows early warnings to be raised if major issues are encountered, so that proper action can be taken to address these issues.
Those are the four elements of our role. Departments and their deputies are ultimately responsible and accountable for the development and implementation of projects in their departments and for following Treasury Board management policies.
I should note that in certain cases when a project is being developed for government-wide use, such as the secure channel, the chief information officer branch will work across departments to consolidate a broad range of requirements.
I'd like to take a moment and turn to our action plan, which is in line with the four elements of our role.
Part one of our action plan is focused on the policies. As part of a review of all management policies, known as “policy suite renewal”, we are developing new directives, one on management of IT-enabled projects and another on IT investment planning.
Part two of the action plan focuses on practices and will see further improvements to our enhanced management framework, which was first developed in 1995. Departments have been directed to follow this framework when undertaking IT-enabled projects.
I would like to share with you one of the highlights of our efforts to improve the enhanced management framework. Under the framework, we are developing a new capacity assessment tool that departments must complete to determine their readiness to proceed with a project. This assessment includes a review of the department's internal skills to conduct the project, as well as of the ability of the department to accept the business transformation that comes with the project—in other words, to make full use of the new solution.
Part three of the action plan is focused on our challenge role. To improve departments' abilities to prepare for Treasury Board submissions, we are redesigning and updating our process for reviewing these submissions. Increased clarity in what is expected by the secretariat will improve the quality of the challenge process and ensure that departments and agencies are focusing on the right critical issues as they prepare to launch projects and seek Treasury Board ministerial approvals.
The last part of our action plan is focused on the monitoring role. Projects of a given scale and level of complexity will also be required to have independent third-party assessments done at key milestones. This will ensure that management has an independent perspective as to the health of the project. These assessments will also follow standardized techniques to ensure consistency and reliability of the reviews and guidance provided.
In conclusion, we welcome the Auditor General's recommendations to improve the management of IT projects. We are committed to implementing changes to the policies and to taking corrective actions to address these issues, as outlined in our action plan. We know these measures will help to strengthen management practices across government and ensure greater accountability and value for money. We are prepared to speak to the target dates of the action plan in far more detail.
Mr. Chairman, this concludes my remarks.
:
Thank you very much, Mr. Chairman, members of the committee.
My name is Steven Poole. I am the CEO of ITSB in Public Works.
I'm here today to assist the Treasury Board Secretariat in addressing chapter 3 of the AG's November 2006 report on large IT projects, particularly secure channel.
Mr. Chairman, I will spend only a few minutes to summarize our involvement in secure channel, the centrepiece of Canada's common information technology infrastructure.
As committee members know, the goal of secure channel is to provide Canadians and Canadian businesses with secure, responsive, and private access to Government of Canada online programs and services. Public Works has been responsible for delivery of the technical requirements since June 1999. The architecture and management of the secure channel project was fully transferred to our department in December 2003.
Governance of the project was shared with the Treasury Board Secretariat throughout, with TBS accountable for strategic governance and Public Works accountable for internal project governance.
A significant investment is required to build a secure common infrastructure that protects the integrity of Canadians' information. This approach is more cost-effective than allowing government departments to build and maintain separate infrastructures. Our estimates in Treasury Board submissions as early as June 2001 were close to the actual costs. In 2006, Public Works negotiated a long-term contract with the service provider, which further reduced the estimated cost. The contract was assessed “an excellent deal” by Forrester, an independent technology market and research company.
In essence, to operate secure channel going forward will cost less than $3 per Canadian per year. We recognize that these are significant costs, and that's why Public Works benchmarked these costs to ensure that they were in line with industry averages.
Mr. Chairman, Canadians are concerned about identity theft and have stated that they do not want their personal information at risk. We are serious about protecting Canadians from security breaches. Secure channel has won a number of national awards, including the Canadian information productivity awards in 2005 and in 2006. In fact, at the international level, the project was instrumental in Canada being rated for five consecutive years, by the international research firm Accenture, as number one among 22 countries for its e-government performance.
We take very seriously the comments by the AG in her report. Though the AG noted that the initial take-up of the secure channel was below projections, I am pleased to say that today Canadians have embraced secure channel in unprecedented numbers. In fact, over five million e-passes, which are used to manage individual credentials, have been issued to citizens to date, including census 2006 online, with more than six million business transactions last year. The growth rate for secure channel has been very significant, and demand rose by 200% from 2005 to 2006.
In terms of tangible outcomes, 95% of federal government organizations use at least one secure channel service to enable their online applications; 61 government programs are using e-pass; over 54,000 businesses use Service Canada's record of employment, which has reduced their business transaction time from days to minutes; Foreign Affairs' passport online helped issue over 310,000 passports; Canadian Forces online recruiting is also going strong, with over 178,000 business transactions since they started their program in October 2005.
While the AG did not audit the privacy and security aspects of secure channel, parliamentarians should know that it is providing the best security and privacy protection available to sustain the integrity and trust of the Canadian public. In fact, in 2006 we had millions of security-related alarms that were addressed without a single compromise of our systems.
The AG noted the challenges of delivering these horizontal projects across many departments and agencies. She noted that “The federal government has recognized that there are complex IT issues that cross departmental boundaries”. We have seen that complexity first-hand.
I am pleased to note that secure channel received full marks for project management, as evidenced by its ever-growing success in enabling other projects, such as the two projects in the report that received perfect marks, namely, Statistics Canada census online and the Canada Revenue Agency's “My Account”.
Mr. Chairman and members of the committee, I welcome your questions.
:
Thank you very much, Mr. Poole.
We have some time here for three minutes, with four people up.
I should remind the committee, too, for Wednesday's meeting, that we will be reviewing chapter 5, on passport services, Passport Canada.
We have Mr. Rota up first, for three minutes, please.
In the framework that has been established for the Government of Canada, the Treasury Board Secretariat plays a major challenge role for all these large IT projects. As I noted in my opening statement, we tried to assess that challenge and supervision role, but we were denied access to those documents on the basis that they were cabinet confidences of a nature that we could not see. That has been resolved since. So we were unable to assess how well the Treasury Board Secretariat was carrying out that challenge role.
What we did find in many of the documents, and you can refer to page 26 of our report, was that one of the most significant weaknesses was the lack of a good business case to explain why the project was needed, what the costs would be, and what the ultimate outcomes were. I'll point, for example, to the secure channel. There was no robust business case to explain why the government would eventually spend $400 million to build a secure channel and to explain who was going to use it. There was much temporary funding given over time. In fact, at one point there was even funding given to close the project down that was used to keep it going. So it's about the robustness of a business case.
Perhaps outside firms could help in developing those business cases, but we would certainly expect the Treasury Board Secretariat to play that really significant challenge and supervision role. And we were unable to assess the extent to which they did that.
:
Thank you, Mr. Chairman.
Good afternoon.
Mr. Cochrane, regarding governance, which obviously involves the Treasury Board Secretariat, according to the Auditor General, the audit revealed that Secure Channel, one of the key initiatives of Government On-Line, contained significant shortcomings in this area; departments and organizations have not yet agreed on how to continue the project and on its potential advantages; the project has no budget or complete program reflecting total cost of living expenses, and the results did not meet expectations. That was true for 2006. The report was tabled last fall.
Yet in 2003, the Auditor General tabled a report on information technologies, which also addressed the Government On-Line initiative, and in which she stated:
For the 2005 GOL deadline, the Treasury Board Secretariat should clarify the expected outcomes in meaningful, measurable, and time-limited terms. If the GOL initiative is extended beyond 2005, the Treasury Board Secretariat should develop a comprehensive strategic plan that clearly sets out what GOL is to achieve.
This is part of the Treasury Board Secretariat's response:
The Treasury Board Secretariat will continue to work with departments and agencies... Departments and agencies will also be required to report against the new Management Accountability Framework, which sets out the Secretariat's expectations for management excellence... the government should develop a comprehensive strategic plan and implementation targets.
I find it fairly contradictory that despite the significant warning given in 2003, the Auditor General's recommendations and the commitments made by the Treasury Board Secretariat, there are still governance problems today. And this is only one aspect of all information technologies.
How can you justify that?
As you know, government online was part of a bigger initiative by the government called Connecting Canadians, and as we look at that, the secure channel was a clear component piece to enable government online to achieve its outcomes. So, as Mr. Poole indicated in his opening statements, secure channel was a broad component piece to enable what we call GOL, government online. Government online was required to make 130 of the most commonly used services available to Canadians.
So the business case behind the secure channel, as an enabler, really relied on enabling those 130 transactions that required the types of networks and the type of security that are available through the secure channel. One of the challenges had been, at the time, in 2003, that the departments had identified those services but hadn't clearly identified perhaps the volume of activity that would come through the secure channel.
There was also, as you point out, a question from the Auditor General, at the time, in terms of sustainability. So funding had been made available through government online to develop the secure channel, but then the question was, at what point would we go into a long-term sustainable model. I think the questions of governance really focus in on the question of the long-term sustainable model, and the funding for the secure channel basically wrapped up—
:
Just this past fall, okay.
On page two, one of the observations you made, Madam Fraser, is that “Only two of the seven projects we looked at: the 2006 Census Online and My Account, My Business Account projects met all of our audit criteria.”
So I guess one of the questions I'd like to ask Mr. Poole—and I think this is probably going to be my last question—is what worked for those two projects, and what do we need to do to fix the other ones to make sure that they get the good rating, as these two did, with the Auditor General?
:
Thank you very much, Chair.
Thank you, and my apologies also for the first hour and a half, but democracy can be messy.
I want to deal with the issue of the business cases, similar to my colleague.
Paragraph 3.62 in the Auditor General's report states:
The business case is the foundation of every sound investment decision. For IT projects, the business case explains the rationale for the project and the project results that are needed to meet an organization's business needs.
Paragraph 3.22, on page 7, says:
In our previous audits we made recommendations about strengthening governance, business case analyses, project management, and assessments of organizational capacity. The EMF was developed to address these recommendations. Our current audit found that many problems, which our previous reports called attention to, persist because departments and agencies are not following the EMF.
And that, of course, was the result of a previous criticism that was meant to solve it, and then we find out that nobody's following it and that problem persists.
I note—and I'll throw it to whoever feels comfortable or gets the short end of the stick in answer—that in 1995 this came up, “inadequate analysis of underlying business issues”. It came up again in 1998. Paragraph 3.19 of the document says:
Since 1998, the Secretariat has produced little additional guidance on the management of large IT systems.
Let me just caution whoever is going to answer this, I understand all the things that you're going to do and the promises you're making. The answer I want is to know how we got to this point that we could go audit after audit with the same issue being pointed out as a problem, and it still remains a problem today.
Assuming that it gets fixed from this point forward—and that remains to be seen as we get into it more—I want to know how you could have ignored repeated audits that came up with the same conclusion, pointed out the same problem causing the same issues, and here we are again and it's still there. Why?
The real challenge here, probably, at the end of the day, is the measurement of whether or not departments are following the guidelines, and that's something we are being very focused on through the management accountability framework. So I'll focus on that as a tool that we use with departments to confirm that they're following the policies and the management practices of the Government of Canada.
If you're familiar with the management accountability framework, it does have an indicator that focuses very specifically on project management, and business cases are a key component in overall project management. So that's a tool we will use going forward, that we have been using and we will be using more rigorously going forward, with much tighter policies, to confirm that departments are following the practice.
When we look at projects overall, one of the things that we have developed and we're in the process of implementing with departments is a methodology called outcomes management. Outcomes management is a process whereby the business owner of the solution that's being developed identifies the specific business outcomes at the end of the project, but all the way through the project. The outcomes management process allows us, as we go through, and as we earn value through the project, to confirm that the business requirements, and actually the business results, are being delivered. I think that mechanism, in addition to whether we completed the project on time, and whether we completed it within budget, if you look at it from an industry perspective, is a far more important indicator.
So did we actually achieve the business outcomes we were trying to achieve from this technology? It plays very well with Mr. Poole's secure channel. Did the secure channel allow Canadians to have access to particular services anywhere, anytime, in a way they wanted to access them? You can look at the numbers and the volume, so it does that sort of thing with different types of business environments.
:
So there's still a substantial gap.
I have a concern about HR and not having another nightmare happen again. On page 22, in paragraph 3.95, the Auditor General's report says there was an organizational incapacity for staff.
I happen to know, because I have a substantial number of friends who were involved in the IT world around 2001 and 2002, that it was not a good time for them. Around Ottawa, there would have been a substantial number of surplus professionals. Yet when this audit was being done there weren't enough qualified people to get these projects moving along.
Does anybody want to speak to why that would have been? What was going on with human resources at the time?
In terms of AgConnex, you are correct that the project was concluded or stopped when it had only spent $14 million—which is still a significant amount of money. In dealing with Agriculture Canada officials and looking at what they had been able to accomplish, they're assured, and we were convinced as well, that there were very valuable things delivered by that.
I would say this was a real benefit for us in the challenge process, because we saw that the project was getting too large and complex and that it was not going to be able to be completed. You're right that the estimate had grown to $160 million. As part of the challenge process in TBS, we actually said that it should stop. It was stopped, and there were benefits achieved out of the $14 million.
Thank you.
:
I have a point on this whole area before we move to the next person.
I think we've probably seen this before, Madam Fraser, with the firearms registry, where maybe an ill-conceived model was embarked upon, one that was showing lots of flaws, difficulties and glitches, and that wasn't getting results. I guess when that happens in business, you make your first loss your last loss and cut the line and start over when you have something that is poorly designed and isn't going to work.
Do we have same situation here with this secure channel setup? Do we have a creature that's going to be very difficult to adapt and make work for all these departments?
I want to ask about the Auditor General's comments regarding small projects versus big projects. Again, the second part of paragraph 3.22, on page 7, says:
We are concerned that although research clearly indicates that small IT projects are more likely to succeed than large ones, departments and agencies are again undertaking large IT projects. Because the portfolio of large-scale departmental IT projects is growing, we believe that a strong governance and management framework is critical if the government is to avoid the past mistakes.
I have two questions. First, Madam Fraser, I want to pursue a bit when you said that you witnessed projects being approved and money flowing, without the business case being made. Of course things take on a life of their own. I'd like a little response from somebody on that. This was at the very end of my questioning last time.
Who is making those kinds of decisions and under what authority? Does that not violate somebody's procedures, either those at Treasury Board or internal somewhere? That's one question.
The second question is broader. Why are we going to the larger projects? The simple answer would be because it's so big and the government is so big. But clearly there was an attempt to try to break things down into more manageable projects as an approach, as a policy. If I read this properly, it suggests that we were moving away from this and trying to keep things as small projects.
Please answer the first question first.
In terms of how those decisions are made, and why they are made without a complete business case, we agree that business cases need to be improved.
Let me clarify that when decisions are made, they are based on a very complete and fulsome Treasury Board submission. Although we agree that the business case portion of this should be improved, and we specifically want it to improve its focus on things such as options, analysis, and outcome management, we also want to state that very clear plans are made, in terms of how money is spent and on what things. There has to be a detailed project plan that also deals with risks and things like that. Those are all the pieces that have to be there as part of a Treasury Board submission before we will let it go forward.
So we agree with the Auditor General that the full business case, looking at business outcomes and how to achieve them, needs to be in place. That's one of the areas of focus that we have in our action plan.
:
I'm sorry, but we've been told that before. That's not new. See, you're getting me angry now. You've been there before. You've had the advice from other audits that you ought not to be doing that. Now you're telling me, oh yes, we see this as a problem now, and we're going to go do it.
We've already been there twice, sir. Now we're on the third go-round with these things being submitted.
So either the business plans are important, as the AG said, and you respect that, or they aren't, in which case make the case that we ought not to have them. Please don't tell me that all of a sudden, everything is just fine and dandy, because it hasn't been, sir.
:
On the question of smaller versus larger projects, if you look back at the 1960s, 1970s, and 1980s, a lot of what we were doing was automating very specific functions in organizations, such as pay systems, tax, and some of those more specific functions.
As we move into the current age, the types of things we do today are very much cross-functional, cross-organizational. So on a security basis, you hear about interoperability. You hear about the need for all these agencies to work together. Some solutions require a tremendously more significant and substantial initiative to make them go forward.
Obviously the challenge is to break them down into bite-sized chunks. But we can't avoid the kind of work we're into today that says the government is a big enterprise, and there's a need to share information and data. I use security as a good example, but there are other good examples.
We need to pull in all of our financials, so we know what the government is doing holistically. Those require much more sophisticated, larger, interoperable solutions across this organization. These are also occurring in industry. The challenge here is to do them in bite-sized chunks.
If you take a solution off the shelf, such as one from SAP, try to stay with the solution and not modify it.
So there are a lot of lessons learned. We understand how to do that; we need to do it better.